NSA Reportedly Using the Heartbleed Bug for 2+ Years, Denies Claims

heartbleedAccording to a Bloomberg report today, it has been reported that the NSA has been exploiting the Heartbleed bug for at least two years. A report earlier this week stated up to 66% of websites use the affected software, including popular email and social media sites.

While the NSA has denied these claims, the agency has more than 1,000 experts using sophisticated techniques, many of which are classified, to search out security flaws such as Heartbleed. A source “familiar with the matter,” according to Bloomberg, claims the flaw was discovered early on and has been exploited by the NSA.

At this point, it is unclear whether anyone outside the U.S. government has accessed personal information through Heartbleed. According to a Business Insider report, the method of access is untraceable, so it’s possible we may never be able to determine whether other sources accessed personal information from approximately two-thirds of the websites using this encryption method.

Currently NSA involvement and/or exploitation through Heartbleed is up to speculation. As far as I have found, no sources have been named at this point to validate these claims. “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” the agency said in a statement. “Reports that say otherwise are wrong.”


What do you think?

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s